mod_python -- information leakage vulnerability

Details

VuXML ID

5192e7ca-7d4f-11d9-a9e7-0001020eed82

Discovery

2005-01-30

Entry

2005-02-13

Mark J Cox reports:

Graham Dumpleton discovered a flaw which can affect
anyone using the publisher handle of the Apache Software
Foundation mod_python. The publisher handle lets you
publish objects inside modules to make them callable via
URL. The flaw allows a carefully crafted URL to obtain
extra information that should not be visible (information
leak).